Security update: thunderbird 78.4 rusted against crash and malicious code

Safety update: Thunderbird 78.4 ruffed against crimes and malicious code

If you pick up and read e-mails under Linux, MacOS and Windows with Thunderbird, the application should be used for the current ie 78.4 Update. In it, the developers have closed two security. The degree of threat degree is as "high" classy.

Successfully putting on the attacker of a warning message from Mozilla to the lecture, they could exclude storage errors in both cases. This leads in a case (USE-FREE-FREE CVE-202015969) to crash the client. The vulnerability has discovered a security researcher of Google.

In this case (CVE-2020-15683) is associated with some effort to carry out the execution of harmful code. A Mozilla developer and the community have become aware of the mistake.

Attacks not readily possible

Mozilla blinds that attacks via mails are generally unlikely because scripting is disabled when reading mail. Rather, browser-like scenarios are dangerous. How this is meant is unclear. It’s probably about trap in which Thunderbird is web content. For this, the e-mail client has namely webbrowser functions installed.

If you want to pick up your mails from AOL or Yahoo with the current Thunderbird version, you must switch to the account settings on the OAuth2 authentication method. How does that work, describes a support post.

Like this post? Please share to your friends:
Leave a Reply

;-) :| :x :twisted: :smile: :shock: :sad: :roll: :razz: :oops: :o :mrgreen: :lol: :idea: :grin: :evil: :cry: :cool: :arrow: :???: :?: :!: